Thursday, 7 August 2014

Free Wi-Fi - but it'll cost you your privacy!

At Merlin Telecom, we aim to share the very latest developments in telecoms industry updates with you - to protect your business, help improve your efficiency and also make you aware of risks that might not be widely shared.

The following article references a recent post by Naked Security about the commercial benefits of providers putting free WiFi in place, but it also raises a key issue of what you have to give in order to get it. It truly seems that “nothing is for free”!

The UK city of York is currently rolling out, citywide, the sweet, sweet candy of free Wi-Fi.

All you have to do to get it is to roll over and expose your personal data.

Roy Grant, CIO for the City of York Council, told the BBC that the free service has already enabled his team to ascertain such choice data nuggets as:
  • Who's using the Wi-Fi;
  • Where they're coming from, in terms of origin; and
  • Where they're going.
Businesses are already getting a better insight into footfall, he said - as in, how much time they spend browsing certain products and where do you go for your lunch or stop for a coffee?

How does it work? Well, your mobile device carries a MAC addresses - or Media Access Control address, which is unique and connects you to networks. They can be altered via software, but generally they're not and are stable enough to be considered as a permanent ID that lasts for the lifetime of the device.

When your phone has Wi-Fi switched on, it will search for Wi-Fi networks: a process that involves sending a wireless broadcast that includes the device's MAC address.

This all happens even if you don't actually join a WiFi network.

The collection of anonymous data through MAC addresses is legal in the UK, though it exists in a grey area.

That's because the UK and the EU have strict laws about mining personal data using cookies - small bits of data sent from a website that can be used to uniquely identify people and then monitor their behaviour across different websites.

Under UK and EU law, companies that want to use cookies to track us in the virtual world must gain our consent to do so. However, no such consent is required by UK and EU law to track us in the real world using our devices' MAC addresses.

As far as the US goes, October 2013 saw the emergence of a "code of conduct" (PDF) for mobile marketing firms which they themselves agreed to (note, however, that the retailers who want to use data for marketing purposes didn't actually show up at the code's unveiling).

The code of conduct stipulates that shoppers should clearly know when they're being tracked through their phones in stores and will receive instructions for opting out.

If you don't want to share that data - either by opting in to the free Wi-Fi or having it sucked out of your phone as you wander by - here are some privacy tips shared by Naked Security.

Wi-Fi privacy tips:
  • Turn off Wi-Fi and Bluetooth when you're not using it. You can also use "flight mode" (although you won't be able to receive calls in flight mode).
  • Apps such as Facebook, Twitter and Instagram use geo-tagging. Turn geo-tagging off if you don't want to give away your location.
  • Don't accept prompts to remember Wi-Fi networks - if you automatically connect to networks, you could leave yourself vulnerable to Wi-Fi sniffers, including marketing location analytics firms but also spies or criminals, who can see who you are and track you. An attacker could also create a network with the same name and use it to launch a Man-in-the-Middle attack.
  • Encrypt your devices and data. You should always use a VPN (virtual private network) for a secure connection when you sign on to an open Wi-Fi network.
  • Make sure you're using WPA2 encryption on your wireless networks. Don't use the outdated WEP or WPA encryption protocols.
  • Download the free Sophos UTM Home Edition. It comes with a VPN for both iOS and Android.
If you have any concerns or would like guidance on how best to manage your data security, mobile telephony and business telecommunications, you can call us on 0800 877 8810 or email us via sales@merlin-telecom.co.uk. We’re here to help you get the best service, with the best support and the best value.